Eric Swanson wrote:
... [ldap] Added User-Password = {SSHA}i9--censored--JI in check items [ldap] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x4338--censored--4531 rlm_ldap: sambaLmPassword -> LM-Password == 0x4637--censored--4545
You have 3 versions of the "known good" password for the user. Which one do you want to use?
[pap] Using CRYPT encryption.
And the "pap" module isn't configured to use any of them.
The part that seems strange to me is that the system clearly identifies the type of passwords we are using ("Normalizing SSHA1-Password from base64 encoding" seems proof enough of that), but a couple lines later PAP has decided to use CRYPT encryption for some reason. I can't imagine what I've done to make the system believe it should use CRYPT instead of SSHA.
Check the configuration of the PAP module. Alan DeKok.